> Wearing a loud shirt, in a built up area, during the hours of darkness
"Looking at me in a funny way"
Vic.
5860 publicly visible posts • joined 7 Dec 2007
> SQL injection is easy to fix using parameterized queries, they are widely supported and have been around for a long time.
Mostly...
I was writing some Python[1] a while back, and it required DB access - we were using MySQL.
The first library I tried - the "recommended" one - claimed that MySQL doesn't support prepared statements[1], so the library didn't try.
The second library I tried claimed to support prepared statements - but looking through the code, it simply did string substitution, so there was no protection against SQL injection whatsoever.
So whilst SQL injection *should be* a thing of the past, it's not entirely the fault of developers that read documentation; in some circumstances, the library developers are making claims that are simply untrue :-(
Vic.
[1] I ended up re-writing the code in perl; the problems went away :-)
> What about swapping engines with XL426 that is claimed to be taxiable?
Not enough, I'm afraid.
The engines need to be young enough to have an airworthy life ahead of them *and* they need proper provenance so that that can be assured. Rolls Royce need to sign off on that - and they are (quite understandably) being very conservative about the whole thing.
The 2014 and 2015 display seasons have been adjusted so that the throttles aren't moved during the display - this leads to reduced aging of the engines at the cost of increased fatigue in the airframe. This appears to be the best way to keep the aircraft flying for as long as possible.
The alternative is to find some suitable Olympus 202s, or remanufacture the ones currently in use. And as many of the original drawings and engineering documents for that engine have gone astray, that's not going to be a cheap option :-(
Vic.
> Famous entrepreneur reads book - Tweets opinion.
Yeah. I wonder how we affect his reading list?
I was up at Doncaster on Saturday, visiting the Vulcan. It will fly this season and next, then will likely run out of engines.
If only there were a well-heeled benefactor who could help with the remanufacturing...
Vic.
I've been with my ISP since they first came into existence in 1995, Eclipse internet.
I've just left them after they decided to restrict my DNS server.
Useless bunch of crooks. Their "support" is quite the opposite.
Since moving to Andrews and Arnold, all the mysterious disconnections I used to get have simply gone away, without me changing any hardware. It turns out that it was a forced disconnect, just like the LLP traces I sent to Eclipse said it was...
I am so happy to have migrated, I really am.
Vic.
> for that amount. I guarantee you'll get your money back with the issuing fees almost by return.
I issued Small Claims proceedings against PlusNet when they took an additional month's payment to which they were not entitled.
I got my money, but it was most assuredly not "by return". It was on the very eve of going to court - indeed, the cheque did not clear before the court date, and I had to ask the court for a delay. That usually costs, but they understood the situation and waived the fee.
Vic.
> What the US says basically trumps local law.
Only in the eyes of the US.
The local lawmakers still believe - rightly, IMO - that their laws apply in their territories.
This leaves US companies in something of an invidious position; it is entirely possible that, whatever they choose to do, they will be breaking one or other of the laws that apply to them.
I don't see this ending well...
Vic.
> Some applications simply are not suitable for all classes of device, even if the underlying API and tools let you write one app for all
I've written apps for multiple platforms in the past. My tool of preference is Glade.
This separates the application from the UI, meaning that re-skinning an app for a different platform or different role is simply a matter of re-drawing the UI in the RAD tool. As the UI is defined as XML, you can even hand-edit it for simple changes.
Qt does something similar, although my experience so far suggests that the "load the UI directly from XML" feature is less well-used than it is for Glade :-(
Vic.
> it strikes me that the big likelihood is that everyone would just accept the change and move on
I really, really doubt that.
Now I've no real interest in the .ir domain - AFAIK, I've never even performed a DNS lookup against it before today, saving perhaps for rDNS lookups during spam attacks against my server.
But I'm buggered if I'm going to let some tin-pot US judge decide to put a black hole into my access to the Internet. He doesn't have the authority to restrict my lookups into a third country.
So if this were to happen, .ir would suddenly get an entry in my nameserver - a couple of NS records pointing to ns.irnic.ir (193.189.122.83) and a.nic.ir (193.189.123.2).
And then any posturing in the US would have zero effect whatsoever.
Am I alone in thinking like this? I really doubt it.
Vic.
> I don't say the government should store it because it can
You did. From the start of your article :-
> Australia's federal government should store metadata collected by the nation's Internet service providers (ISPs), because the government already operates suitable facilities in which to do so.
And that makes as much sense as "Australia's federal government should machine-gun everyone over the age of 50 because they already have the facilities to do so"...
Vic.
> ...that there don't appear to be any simple and published standards
Yeah, there are. They're laid down in the various parts of ISO 13818.
> Sure there actually are standards in use to get the multicast streams from your ISP, however you'll never know what they use and if there's DRM in there.
They're transport streams. The enclosing format is very well-specified.
If there is DRM of any flavour in there, that is something you're not going to get any info about - but as a user, you don't need it; you just supply the appropriate parts of the data feed to the correct CAM, and out pops unencrypted video.
> Something DRM-free which I can ask for in a store like DVB-T or DVB-S.
Neither DVB-T nor DVB-S are DRM-free. And nor is IPTV. That's the way of it, and I don't see that changing any time soon.
> This is the base for interoperability
It isn't. There is already interoperability - but that is entirely orthogonal to the presence of DRM.
Vic.
> If this signal processing stuff were done in FPGA you wouldn't need new hardware you would just reconfigure.
It's not *quite* that simple; you'd need enough capacity/speed in the FPGA at manufacture time to cope with anything foreseen during the life of the decoder[1]. That tends to make it expensive and power-hungry - neither of which are good selling points.
> Does anyone use this technology for TVs?
It's standard in TV encoders, but I don't see it catching on in decoders.
Vic.
[1] My introduction to Digital TV used a software-based decoder with hardware acceleration elements. It was a cracking chip for the time - 2x 64-bit CPUs with SIMD and a whole load of accelerator units, and this was back in the mid-90s. The "official" reason for it never getting to market was clearly bogus, but the reality was that things like DigiCipher had simply gone away, leaving just MPEG-2. We couldn't compete with dedicated decoder chips - not in price, ease of use, nor power consumption.
> And as for a client side buffer enabling pause/rewind, how does that work if you rewind to the beginning of the programme you tuned into half way through?
That's easy - you use one or more multicasts to transmit the bulk of the information, then use a per-subscriber unicast to fill in anything that's been missed.
It's a little tricky to get the PCR/PTS right - particularly if you're switching between several NVOD multicasts for the same channel - but this is not beyond the wit of man.
Vic.
> would the broadcasters really be that keen on a whole load of new technology that requires capital investment, and may only hang around for a few years?
Broadcasters are already deploying HEVC-capable kit.
Disclosure: Guess what I've been doing for the last couple of years...
Vic.
> In practice, are all the ISPs going to invest in the kit and the upgrades to their networks to make sure it all behaves well?
Multicasting actually makes life easier - rather than having to run packets end-to-end through their network, they only need to have one feed into it, with multiple feeds going out to end-users. It's actually a cost-reduction in the near-term.
There *might* be a little up-front cost if the ISP doesn't have switches that run IGMP snooping - but not every single switch needs that (the more that do, the more efficiently the network will run). IME, most commercially-available switches do have the capability, and there seem to be several GPL-licensed IGMP snoopers available.
> And then decide that they'll provide a basic TV service out of the goodness of their little capitalist hearts?
That's exactly what *should* motivate them - but there's also a marketing angle there as well; with multicasts, there is much less chance of upstream network congestion causing delays to subscribers. BT are already making a fuss about this in their advertising for fibre-optic broadband; the "end of buffering" over copper lines could be a nice story to tell customers, and reduce costs as well.
> Net result most likely to be lots of punters paying more than they do now, for a worse level of service.
Well, that's a given, whatever happens.
Vic.
> In order to axe all of the repeats, it would be necessary to produce many times the current amount of new programmes
Or - and here's a radical thought - we could just have fewer channels.
That way, we could have the TV that people watch, without endless repeats on "On the Buses" et al.
We could even do away with some of these bandwidth squabbles...
Vic.
> if someone has a big gaping hole in the timeline on their CV, we absolutely must not ask about it. The reason for this is that it could be prison time.
That's interesting - I was advised not to have any gaping holes on my CV, because an interviewer would assume it was something like prison time, and that would be the end of that.
I filled in the hole in my CV - which wasn't prison time, it was arse-around-spending-redundancy-money time - and things improved immediately.
Of course, that didn't stop the inquisition I got from one interviewer who insisted on asking me *many* times about the time between University and the first entry on my CV. The answer was the same each time - the agent hadn't sent him the back page on my CV. Oh how I wish I'd remembered the advice I'd been given always to carry a clean copy of the CV to interviews...
Vic.
> The problem is the page isn't delisted from the search engine, it is just not shown in results with the applicant's name.
Whatever you might be talking about now, it's different to what the OP suggested, and you declared impossible...
Vic.
[ Of removing pages from crawlers ... ]
> You can't. That is the problem.
You can. robots.txt will do it trivially.
It would be a better use of the justice system to penalise crawlers that publish outdated information after specifically ignoring robots.txt. But that would be too easy...
Vic.
> The individual user's login credentials aren't used to access the database, instead the system loads shared credentials from a secret location
So the keys to the database are under the mat?
That's the very worst sort of "security by obscurity". If what you say is true, the application needs to be withdrawn immediately, as it is entirely unsafe.
Vic.
> As a gout sufferer I know that large doses of these drugs are spectacularly successful on the right sort of problem.
I've had 2 gout attacks now.
Hydration is everything. I was dehydrated on both occasions, and rehydration sorted the problem out in double-quick time.
Ibuprofen worked in the short term, though :-)
Vic
> Co-Proxamol (paracetamol + dextropropoxyphene - which has now been withdrawn due to causing other potentially lethal problems)
I had an operation on my hand some years ago, and after being discharged from hospital, I was prescribed co-proxamol.
It was utter shite. Did nothing for the pain.
I gave it up & self-prescribed G&T, which did a marvelous job of pain relief. Don't remember much of that week, though...
Vic.
p.s. for the back-pain sufferers here: the single most effective thing I've found is hanging from something high (my landing) by your hands. It's astonishing how much effect it can have. But landing on your feet when your arms give up can be a pain...
> No.
Yes.
> Source only has to be produced when requested by the user.
Source has to be produced when requested by *** ANY THIRD PARTY ***.
Don't take my word for it - go read the licence. You're looking for section 3(b).
> If you aren't a user, then Redhat doesn't have any obligations to you and never did.
Absolutely, fundamentally. 100% incorrect. Read the licence. It disagrees entirely with what you say.
> This is how a company that creates GPL based derivative works for internal use doesn't have to give YOU a copy of what they have done
Wholly internal use does not constitute redistribution. But if they do redistribute, they must do so under one of the clauses of section 3. Pick one - the effect is much the same...
> If you aren't a user, then Redhat doesn't have any obligations to you and never did.
Totally incorrect.
From GPLv2 section 3:
> You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also ... Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange
Do you see the phrase "any third party" ? It's important. It means exactly what it says - *any* third party. It does not matter whether or not you are a RH client - *any* third party is entitled to a copy of the source code of anything redistributed under 3(b). And IME, everything RH redistributes is under 3(b).
> Rights to the source are only conferred upon the user of the program. If you aren't a user, then you're irrelevant.
Seriously - read the licence. It disagrees with you.
Vic.
> They can, but they would have to change how they deliver the binaries, such that the source is always delivered with them.
Even that would make little difference to anything - every single recipient of that combined source/binary package is entitled to redistribute it under the licence terms.
> Even then Oracle could just buy a copy of the binaries.
Or ask someone else who has.
Vic.
> The use of GPL in a commercial product obliges the company to supply the source upon request.
The commercial nature of the product actually makes little difference - only that binaries and object files may be redistributed unmodified under section 3(c) if it is non-commercial. This is merely a convenience - in practice, it makes no difference to the distribution of source, because the Section 3(b) promise under which it was initially distributed holds true for everyone, not just the initial recipient.
> So potentially RH could withhold parts of a dist (e.g. BSD licenced stuff) if they felt like it though it would cause bad feeling in the open source community if they did.
Only when those BSD-licensed bits do not form part of a larger, GPL-licensed program.
But more importantly, RH *gets* open source. That's why they make money - they're not trying to hoodwink anyone or run scams. They stick to the spirit of the license as well as the letter.
> They could also dual licence something really important that they developed themselves to stop the likes of Oracle leeching off it
Dual-licensing wouldn't help - either license may be used. And if neither license is GPL-compatible, the code cannot be used in a larger GPL-licensed piece of code. That's unlikely to be of use to RH...
But all this is academic - Oracle really isn't a problem for RH. They're an annoyance, no more.
Vic.
> I understand and agree with the point you are making, but does the GPL really require Redhat to release their source code to the *public*
Yes.
That's section 3(b) of the GPLv2.
> I thought the only requirement was to release the source to *those using the binaries*
No. This is often believed, but isn't true.
The only time a GPL provider can restrict his requirement to provide source to those that get the binaries from him is when he performs a Section 3(a) distribution - which requires source to *accompany* the binaries. RH doesn't do this - and nor do most people.
> You don't see SLES source available to the public
https://www.suse.com/download-linux/source-code.html
Vic.
> The explosive growth in real hardware performance over the last three decades has let us get away with abandoning fundamental principles of computer programming. Like tight, efficient code is better than bloatware.
The problem is widespread.
I was working at a place a while back where we were developing a wide-ranging Python application[1].
I saw one developer commit a piece of code that spawned a Java VM within the Python code. Why? The developer wanted to use a Java Hashmap.
Now I know that the Hashmap goes somewhat further than the Python Dictionary, particularly in things like type safety. But none of that was being used - it was just a key/value store. The Dictionary collection would have done the job perfectly, if only the guy in question had learnt enough of the language he was supposed to be using to have learnt it. Instead, he just used the tools he knew at the cost of *massive* run-time bloat.
Was he taken aside and shown the error of his ways? No, Management congratulated him on the substantial amount of code he had committed, and put pressure on the rest of us to hurry up and get it working...
Vic.
[1] Python was chosen by the then-head of Software Development, so it wasn't something I could argue with...
> Observing the driving, one wonders whether they have any rules.
Everyone has rules - the alternative would be carnage. But the rules might not be what they appear to be...
I was driving in Crete a few years back. All the other Brits had been moaning about the state of car drivers there. I was pleasantly surprised.
It turned out that in Crete, the only road marking that matters at all is the centre line of the road. All other lane markings are ignored.
The Cretans then make as many lanes as fit onto the tarmac they're driving on. And their lane discipline was *perfect*.
Once I'd grasped the actual rules in use, it was a pleasure to drive there...
Vic.
> Think of how much it would cost if it was good for business
Actually, according to the Swiss Government, it already is good for business...
Vic.
> After all talking hands-free should logically be not much different than carrying on a conversation with a passenger
It is.
Compressed audio necessarily involves a delay. If this is <50ms, you won't notice.
But when the delay is ~150ms, the conversation is significantly distracting.
Next time you make a GSM call, think about the delay you're experiencing. It's not 50ms...
Vic.
> I'd like a system with 2 passwords where the alpha password lets you in normally, but the beta password 'obliterates' the incriminating stuff whilst allowing access to the innocent but private stuff...
That's called a "duress password". It's used in many situations.
It's entirely precluded by people insisting on biometrics as authentication...
Vic.